david maman security virtualization idc
DESCRIPTION
A lecture I gave at the IDC IT Security Road show, last June, 2008. Talked about Information Security virtualization, I was still at Fortinet at the time.TRANSCRIPT
![Page 1: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/1.jpg)
Security Virtualization and Value Added Services
David Maman, Fortinet
IDC IT Security Roadshow, June 03, 2008 Securing Your Business: Technology Meets People
![Page 2: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/2.jpg)
What is Virtualization?
The act of abstracting the (physical and logical)
boundaries of a technology.
![Page 3: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/3.jpg)
Fortinet Confidential
Many ways to VirtualizationServersDesktopsApplicationsNetworksStorage
![Page 4: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/4.jpg)
Fortinet Confidential
Consolidate Physical Resources• Logical resources may remain the same!
Reduce Power ConsumptionStreamline System RecoveryControl and Provide GrowthSimplify system maintenanceOptimize Resource UtilizationMaintain OS Versions and updatesTesting and DevelopmentTraining
The Economist, May 22nd 2008
Why Virtualize?
![Page 5: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/5.jpg)
Consolidated security
MSSP - Managed Security Service Provider
Fortinet
![Page 6: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/6.jpg)
Centralized (Virtualized) Security(Consolidated security)
![Page 7: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/7.jpg)
![Page 8: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/8.jpg)
Fortinet Confidential
Information Security Over head.High availability solutions
Separated management Interfaces
Troubleshooting madness
Training period
Updates and upgrades
Support ?! Who and for what?
Logging a reporting
Hardware coasts
![Page 9: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/9.jpg)
Fortinet Confidential
Virtualized Security must feel with, Without.
Performance
Management
Flexibility
Content Security
Reliability / Density
Logging / Reporting
Of course it’s not
running in a Virtual…..
Of course it’s not
running in a Virtual…..
![Page 10: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/10.jpg)
Centralized Internal Security Consolidation
Back BoneSwitching
Centralized Logging and Reporting
Out of Band
Management
Department AHA security solution with Virtual Solutions
Department B
Department C
Project A
Project BProject C
Server Farm
Internet Access
INTERNET
![Page 11: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/11.jpg)
= Virtual Security Entity
![Page 12: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/12.jpg)
Consolidated security
MSSP - Managed Security Service Provider
Fortinet
![Page 13: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/13.jpg)
Managed Security Solutions
MSSP SolutionManaged Security Service Provider
![Page 14: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/14.jpg)
Fortinet Confidential
Managed Security Services
• Customer PremisesProvider independentAffordable quality of securityLow cost of entry & operationsEnforcing Internal information security
• Centralized ‘In the cloud’Provider dependentHigh availability & Controlled environmentSimple logistics“Clean Pipe” to the customerCentralized upgrade
![Page 15: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/15.jpg)
Centralized services
INTERNET Customer NetworkMPLS, Frame, Leased Line
Customer A Customer B
Customer C Customer D
Centralized Management
Centralized Logging and Reporting
NOC/ SOC
Customer Portal
![Page 16: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/16.jpg)
Fortinet Confidential
Customer PremisesCOMPANY B
COMPANY D
COMPANY A
INTERNET II
COMPANY C
COMPANY E
Centralized Management
Centralized Logging and Reporting
NOC
Customer Portal
INTERNET I
![Page 17: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/17.jpg)
Fortinet Confidential
Managed Security Services
• Customer PremisesProvider independentAffordable quality of securityLow cost of entry & operationsEnforcing Internal information security
• Centralized ‘In the cloud’Provider dependentHigh availability & Controlled environmentSimple logistics“Clean Pipe” to the customerCentralized upgrade
![Page 18: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/18.jpg)
Fortinet Confidential
• Central Logging• Event Correlation• Network data statistics • Per customer Reporting • Report scheduler• Automated report distribution by
Central Management• Centralizes functions for:
Product DeploymentsReal-time MonitoringDevice/Policy MaintenanceDevice/Security Updates
Central Logging / Reporting
![Page 19: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/19.jpg)
About Fortinet
Consolidated security
MSSP - Managed Security Service Provider
![Page 20: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/20.jpg)
Fortinet Confidential
Company Overview• First Multi-Layered Security Platform provider that leverages ASIC technology • Largest private network security company
~ 1100 employees / > 650 R&D320,000 + FortiGate devices WWFounded in 2000Largest Privately Held Security CompanyGlobal Operations in U.S., EMEA & Asia Pac
• Independent certifications8 ICSA certifications (only vendor)Government Certifications (FIPS-2, C C EAL4+)60+ industry awards11 patents; 80+ pendingVirus Bulletin 100 approved (2005, 06,07) and NSS Certifications
![Page 21: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/21.jpg)
Fortinet products are used by:
• 7500 + Installations
• MSSP: Bezeqinternational, Netvision, 012 Smile, BEZEQ
• Strongest ever Market penetration in Israel 5000 + Customers < 4 years
• Major penetration: Enterprise, Finance, IDF, government, Telecom, etc
Israel Customer Base
![Page 22: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/22.jpg)
Flexible Multi-Layered Security Platform
10/100 Mbps 10 Gbps1 Gbps
ROBO/SOHOPerimeter Core Data Center Future
FortiGate-50B – FortiGate-100A
SMB & Remote OfficeSMB & Remote Office
EnterpriseEnterprise
Carrier, MSSP &Carrier, MSSP &Large EnterpriseLarge Enterprise
Secure ESecure E--Mail & Client SoftwareMail & Client Software
Powerful Centralized Powerful Centralized Management & ReportingManagement & Reporting
The FortiASIC™ FamilyNetwork ASIC (NP)
Firewall accelerationVPN (IPSEC and SSL)IPS anomaly
Application ASIC (CP)Antivirus (+Antispyware) AccelerationWeb Filtering and Antispam Advantage from Accelerated AV scanningTraffic Shaping
Multiple Threat TypesVarious Application Entry PointsDifferent FunctionsThreat Payload Intent VariesBroad Range of Propagation Techniques
Application Threat VectorViruses & SpywareSpam & Directory Harvest AttacksWeb PhishingIM and P2P file transfers
Network Threat VectorNetwork WormsDDOS/DOSIP Packet Capture Spoofing & Man-In-The-Middle
![Page 23: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/23.jpg)
Fortinet is the Only:• Only complete solution with custom ASICs• Only complete solution from remote office to core and
service providers with consistent code/hardware base.• Only complete solution that can do deep packet inspection • Only company with internal research on WCF, AS, AV, IPS• Only complete solution that does layer three routing • Only True virtualized solution for MSSP and enterprise• Only Security solution with Virtual solutions in Route and
Transparent over the same Hardware!!!• Only solution with complete layer two switching• Only solution with real centralized Management interface• Only solution with real reporting and logging interface
![Page 24: David Maman Security Virtualization Idc](https://reader033.vdocuments.us/reader033/viewer/2022061214/549c1017ac7959a62a8b4618/html5/thumbnails/24.jpg)
Fortinet Confidential
Fortinet MSSP Customers Success
…rely on protection from Fortinet